Shortcuts
|
Port 8080 Details
known port assignments and vulnerabilities
threat/application/port search:
| Port(s) |
Protocol |
Service |
Details |
Source |
| 8080 |
tcp |
http |
Common alternative HTTP port used for web traffic. See also TCP ports 80,81,8443. It can also be used for HTTP Web Proxies. Some broadband routers run a web server on port 8080 for remote management. WAN Administration can (and should, in most cases) be disabled using routers web-based administration interface.
Ubiquiti UniFi Controller uses these ports:
8080 tcp - http port for UAP to inform controller
8443 tcp - https port for controller GUI/API
8880 tcp - http portal redirect port (may also use ports 8881, 8882)
8843 tcp - https portal redirect port
3478 udp - STUN port (should be open at firewall)
Splunk (big data analysis software) uses the following ports by default:
514 - network input port
8000 - web port (clients accessing the Splunk search page)
8080 - index replication port
8089 - management port (splunkd, aslo used by deployment server)
9997 - indexing port (web interface)
9998 - SSL port
Rainmachine smart sprinkler controllers use ports 80, 8080 and 18080.
Microsoft Lync server uses these ports:
444, 445, 448, 881, 5041, 5060 - 5087, 8404 TCP
80, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic
1434 UDP - SQL
49152-57500 TCP/UDP - media ports
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
If you're not running web services, keep in mind that some trojans also use these ports:
Reverse WWW Tunnel Backdoor - remote access/tunneling software coded in Perl, uses ports 80, 3128, 8080. Works on Unix, Linux, Solaris, AIX and OpenBSD.
RingZero (a.k.a. Ring0, Trojan.PSW.Ring, RingZero.gen, Ring) - uses ports 80, 3128, 8080. Affects Windows 9x.
Screen Cutter (a.k.a. Backdoor.Screencut) - uses ports 80, 8080.
W32.Mydoom.B@mm [Symantec-2004-012816-3647-99] (2004.01.28) - mass-mailing worm that opens a backdoor into the system. The backdoor makes use of TCP ports 80, 1080, 3128, 8080, and 10080.
W32.Spybot.OFN [Symantec-2005-042917-1039-99] (2005.04.29) - network-aware worm with DDoS and backdoor capabilities. Spreads through network shares and exploiting multiple vulnerabilities. It ay be downloaded by W32.Kelvir [Symantec-2005-041414-2221-99] variants. Opens a backdoor on port 8080/tcp. Also exploits vulnerabilities on ports 445 and 1433.
W32.Zotob.C@mm [Symantec-2005-081516-4417-99] (2005.08.16) - a mass-mailing worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It connects to IRC servers and listens for remote commands on port 8080/tcp. It also opens an FTP server on port 33333/tcp.
Note: Same ports are used by the W32.Zotob.A [Symantec-2005-081415-0646-99] and W32.Zotob.B [Symantec-2005-081415-0741-99]variants of the worm as well.
W32.Zotob.E [Symantec-2005-081615-4443-99] (2005.08.16) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000.
The worm connects to IRC servers and listens for remote commands on port 8080/tcp. It opens port 69/udp to initiate TFTP transfers. It also opens a backdoor on remote compromised computers on port 8594/tcp.
Backdoor.Naninf.D [Symantec-2006-020115-0317-99] (2006.02.01)
Backdoor.Naninf.C [Symantec-2006-013111-4821-99] (2006.01.31)
W32.Rinbot.A [Symantec-2007-021615-1555-99] (2007.03.02) - a worm that opens a back door, copies itself to IPC shares, connects to an IRC server, and awaits commands on port 8080/tcp. See Also [CVE-2002-1123], [CVE-2006-2630], [CVE-2006-3439]
Android.Acnetdoor [Symantec-2012-051611-4258-99] (2012.05.16) - opens a backdoor on Android devices
Feodo/Geodo (a.k.a. Cridex or Bugat) trojan used to commit e-banking fraud uses ports 8080 tcp and 7779/tcp to run a nginx proxy and communicate with the botnet C&C server.
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
References: [CVE-2017-2683], [BID-96455]
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
References: [CVE-2017-2682], [BID-96458]
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.
References: [CVE-2018-19911]
HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy - the backdoor creates a Windows service backed by an executable named "1314.exe", it lives under C:\WINDOWS and listens on TCP ports 1080 and 8080. Third-party adversaries who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host. The relay does not require authentication or any special User-agent check and leverages the HTTP Host header in the request to connect to third-party systems.
References: [MVID-2021-0176] |
SG
|
| 8080 |
udp |
trojans |
Backdoor.Tjserv.D [Symantec-2005-100415-4002-99] (2005.10.04) - a backdoor trojan that acts as a HTTP and SOCKS4/5 proxy. Opens a backdoor and listens for remote commands on port 8080/udp. Also opens a HTTP, SOCKS4 and SOCKS5 proxy on port 52179/tcp.
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.
References: [CVE-2019-13129] |
SG
|
| 8080 |
tcp |
|
HTTP alternate (http_alt) - commonly used for Web proxy and caching server, or for running a Web server as a non-root user (official) |
Wikipedia
|
| 8080 |
tcp |
|
Apache Tomcat (unofficial) |
Wikipedia
|
| 8080 |
udp |
|
FilePhile Master/Relay (unofficial) |
Wikipedia
|
| 8080 |
tcp |
trojan |
Reverse WWW Tunnel Backdoor , RingZero, Screen Cutter |
Trojans
|
| 1099,5000-5001,8080 |
tcp |
applications |
DINA RMC |
Portforward
|
| 8080 |
tcp,udp |
applications |
EvoCam |
Portforward
|
| 8080 |
tcp |
applications |
Pirate Radio |
Portforward
|
| 8080 |
tcp |
applications |
Pirate Radio |
Portforward
|
| 7777,8080,8777,9777,27900 |
tcp |
applications |
Unreal Tournament |
Portforward
|
| 8080,8090 |
tcp |
applications |
WebcamXP |
Portforward
|
| 8080,8888 |
tcp |
applications |
X10 Multiview |
Portforward
|
| 8080 |
tcp |
http-proxy |
Common HTTP proxy/second web server port |
Nmap
|
| 8080 |
tcp |
BrownOrifice |
[trojan] Brown Orifice |
Neophasis
|
| 8080 |
tcp |
Genericbackdoor |
[trojan] Generic backdoor |
Neophasis
|
| 8080 |
tcp |
RemoConChubo |
[trojan] RemoConChubo |
Neophasis
|
| 8080 |
tcp |
ReverseWWWTunnel |
[trojan] Reverse WWW Tunnel Backdoor |
Neophasis
|
| 8080 |
tcp |
RingZero |
[trojan] RingZero |
Neophasis
|
| 8080 |
tcp |
threat |
Brown Orifice |
Bekkoame
|
| 8080 |
tcp |
threat |
Feutel |
Bekkoame
|
| 8080 |
tcp |
threat |
Haxdoor |
Bekkoame
|
| 8080 |
tcp |
threat |
Hesive |
Bekkoame
|
| 8080 |
tcp |
threat |
Mydoom |
Bekkoame
|
| 8080 |
tcp |
threat |
Naninf |
Bekkoame
|
| 8080 |
tcp |
threat |
Nemog |
Bekkoame
|
| 8080 |
tcp |
threat |
Reverse WWW Tunnel Backdoor |
Bekkoame
|
| 8080 |
tcp |
threat |
RingZero |
Bekkoame
|
| 8080 |
tcp |
threat |
Ryknos |
Bekkoame
|
| 8080 |
tcp |
threat |
Tjserv |
Bekkoame
|
| 8080 |
tcp |
threat |
W32.Kelvir |
Bekkoame
|
| 8080 |
tcp |
threat |
W32.Mytob |
Bekkoame
|
| 8080 |
tcp |
threat |
W32.Opanki |
Bekkoame
|
| 8080 |
tcp |
threat |
W32.Picrate |
Bekkoame
|
| 8080 |
tcp |
threat |
W32.Spybot |
Bekkoame
|
| 8080 |
tcp |
threat |
W32.Zotob |
Bekkoame
|
| 8080 |
tcp |
threat |
Webus |
Bekkoame
|
| 8080 |
tcp,udp |
http-alt |
HTTP Alternate (see port 80) |
IANA
|
|
38 records found
|
jump to:
|
Related ports: 80 445 514 591 3128 7779 8008 8009 8081 8089 8443 8594 9997 9998 18080 33333 52179
« back to SG Ports
External Resources
SANS Internet Storm Center: port 8080
Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify
a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly
used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP ports use the Transmission Control Protocol, the most commonly used protocol
on the Internet and any TCP/IP network. TCP enables two hosts
to establish a connection and exchange streams of data. TCP guarantees delivery of data
and that packets will be delivered in the same order in which they were sent.
Guaranteed communication/delivery is the key difference between TCP and UDP.
UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol)
and facilitates the transmission of datagrams from one computer to applications on another computer,
but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received
the message to process any errors and verify correct delivery. UDP is often used with time-sensitive
applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.
When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.
This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command.
We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software.
For more detailed and personalized help please use our forums.
|
Please use the "Add Comment" button below to provide additional information or comments about port 8080.
|
|
|
|
|
